Rust: Lift content reads as taint steps

[paldepind]

Let read steps give rise to taint steps. This has the effect that if foo is tainted and an operation reads from foo (e.g., foo.bar) then taint is propagated.

We limit this to not apply if the type of the operation is a small primitive type as these are often uninteresting (for instance in the case of an injection query).

This PR lifts readContentStep instead of readStep. The latter subsumes the former and additionally includes reads from flow summaries. Doing the type based restriction for these wasn't completely trivial and including them without such a restriction caused spurious results in some of the tests. If anyone has an idea on how to do the type restriction for those, then we can do that in follow up work.

[Copilot]

Pull request overview

This PR enhances Rust taint tracking by lifting content reads as taint steps, enabling automatic taint propagation when reading from tainted values (e.g., foo.bar inherits taint from foo). The implementation filters out small primitive types (numerics, booleans, characters) to avoid spurious results in injection queries.

Key changes:

• Added logic to propagate taint through readContentStep operations with type-based filtering
• Simplified actix-web models by removing redundant field-specific taint summaries
• Updated test expectations to reflect newly detected taint flows

Reviewed changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
rust/ql/lib/codeql/rust/dataflow/internal/TaintTrackingImpl.qll	Implements taint propagation through read operations with primitive type filtering
rust/ql/lib/codeql/rust/frameworks/actix-web.model.yml	Removes redundant field-specific taint models that are now handled automatically
rust/ql/test/library-tests/dataflow/sources/web_frameworks/test.rs	Updates test annotations to reflect newly detected taint flows in web framework handlers
rust/ql/test/library-tests/dataflow/sources/web_frameworks/InlineFlow.expected	Updates expected flow analysis results with new taint propagation edges
rust/ql/test/library-tests/dataflow/sources/net/test.rs	Updates network test annotations for newly detected flows
rust/ql/test/library-tests/dataflow/sources/net/InlineFlow.expected	Updates expected network flow results
rust/ql/test/library-tests/dataflow/sources/file/InlineFlow.expected	Updates expected file I/O flow results
rust/ql/test/library-tests/dataflow/sources/env/test.rs	Updates environment variable test annotations
rust/ql/test/library-tests/dataflow/sources/env/InlineFlow.expected	Updates expected environment flow results
rust/ql/test/library-tests/dataflow/sources/database/test.rs	Updates database test annotations
rust/ql/test/library-tests/dataflow/sources/database/InlineFlow.expected	Updates expected database flow results
rust/ql/test/query-tests/security/CWE-825/AccessAfterLifetime.expected	Updates lifetime analysis test expectations

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[hvitved]

Performance doesn't look good on rust.